How to analyze H3C iMC combined with SNMPv3 protocol to manage equipment from different manufacturers

WBOY
Release: 2023-06-02 16:19:58
forward
1599 people have browsed it

Network management software is welcomed by more and more customers, and IT manufacturers are also actively launching their own network management software. As for the use effect and experience, everyone feels it for themselves, and everyone in the IT circle knows it. Based on my recent implementation project, I deployed the iMC operation and maintenance management platform developed by H3C (it is said to be now called "New H3C"), which involves equipment from different manufacturers. I will briefly share it with you.

Most network management software manages network devices through the SNMP protocol. So the question is, is SNMP a weird thing?

SNMPProtocol Introduction

SNMP (Simple Network Management Protocol, Simple Network Management Protocol) is a standard network management protocol in the Internet. It is widely used to enable management devices to access and manage managed devices.

The SNMP network environment contains two elements: NMS and Agent:

NMS (Network Management Station, network management system) is the manager of the SNMP network and can provide a friendly human-computer interaction interface. It is convenient for network administrators to complete network management work.

In an SNMP network environment, Agent serves as a managed object, receiving and processing request messages from the network management system. When the interface status changes or other emergency situations occur, the agent program will automatically send warning information to the network management system.

SNMPProtocol working mechanism

When NMS manages the device, it manages the device through the MIB (Management Information Base). The hierarchical relationship between nodes and the attributes of objects are defined by MIB. These attributes include object names, access rights and data types. Each Agent has its own MIB. The NMS can compile the respective MIB files of the managed devices to generate the MIB of the corresponding device. Through access authorization, NMS manages the Agent and completes the read and write operations of MIB nodes.

SNMP provides the following basic operations to realize the interaction between NMS and Agent:

GET operation: NMS uses this operation to query the value of one or more nodes in the Agent MIB.

SET operation: NMS uses this operation to set the value of one or more nodes in the Agent MIB.

Trap operation: Agent uses this operation to send alarm information to NMS.

SNMPProtocol version

Currently Agent supports three versions of SNMPv1, SNMPv2c and SNMPv3:

Community Name ) authentication mechanism is used for SNMPv1. The community name is similar to a password and is used to restrict NMS's access to the Agent. If the community name carried by NMS when accessing the managed device is different from the community name set on the managed device, the SNMP connection cannot be established, resulting in access failure.

SNMPv2c also uses the community name authentication mechanism. SNMPv2c extends the functions of SNMPv1: providing more operation types; supporting more data types; providing richer error codes to distinguish errors in more detail.

SNMPv3 adopts USM (User-Based Security Model, user-based security model) authentication mechanism. Network administrators can set up authentication and encryption features. Authentication is used to verify the legitimacy of the message sender to avoid access by illegal users; encryption is to encrypt the transmission messages between the NMS and the Agent to avoid eavesdropping. Enabling authentication and encryption functions can enhance the security of communication between NMS and Agent.

The main difference between the three versions is that the V1 and V2C versions only need to configure the read and write community words to achieve device management. The V3 version needs to configure related user, authentication, encryption and other factors, combined with H3C iMC and equipment from different manufacturers. Different configuration examples are given.

H3CDeviceSNMPv3Configuration

# Configure the IP address of the Agent and ensure that the Agent The route to NMS (H3C iMC) is reachable.

system-view

[Agent] snmp-agent groupv3 h4c*/v3 refers to the SNMP version, h4c is the group name and can be changed

# Set the user name used by Agent to h4c, the authentication algorithm to MD5, the authentication password to h4c, the encryption algorithm to DES56, and the encryption password to h4c

[Agent] snmp-agent usm-user v3h4ch4cauthentication-modemd5h4cprivacy-mode des56h4c

# Set device contacts

[Agent] snmp-agent sys-info contacth4c

[Agent]snmp-agent sys-infoversion v3

# Set to allow trap messages to be sent to NMS , the username used is h4c.

[Agent] snmp-agent trap enable

[Agent] snmp-agent target-host trap addressudp-domain1.1.1.2params securitynameh4cv3privacy */The address is the IMC server address

The Huawei configuration is basically the same as the H3C device configuration, with minor differences.

CiscoDevice Configuration

switch(config)#snmp-servercommunity RO/RW

switch(config)#snmp-serveruser v3 authen md5 priva des56

switch(config)#snmp-servergroup v3authen/priva

switch(config)#snmp -serverhost x.x.x.xtraps version 3 priva

switch(config)#snmp-serverenable traps

For the configuration of ZTE, Lenovo, Maipu and other devices, please refer to Cisco. It is recommended to select the private encryption algorithm as des56 during configuration, because Cisco Layer 2 switches do not support the AES128 encryption algorithm.

H3C iMCPlatform configuration

It is recommended to configure the SNMPv3 template in the iMC platform. Subsequently, you only need to set the parameters in the SNMPv3 configuration file on the network device. Just set it to match the template:

Configure relevant parameters


Fill in the template name, select "SNMPv3 Priv-DesAuth-Md5" for the parameter type, fill in "h4c" for the user name, and authenticate Fill in "h4c" for the password and encryption password, and click OK.

When adding a device, enter the device management address and select the SNMP template to add the device.

After the addition is completed, you can view and manage the device information

The above is the detailed content of How to analyze H3C iMC combined with SNMPv3 protocol to manage equipment from different manufacturers. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:yisu.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!